CVE-2023-2628
CVSS Base Score: 8.8
Exploit

KiviCare Management System < 3.2.1 - Multiple CSRF

KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Cross-Site Request Forgery

The KiviCare WordPress plugin before 3.2.1 has flawed or entirely missing CSRF checks in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to, deleting arbitrary appointments, medical records, etc., and creating or updating various users (patients, doctors, etc.).

Possible countermeasure
KiviCare – Clinic & Patient Management System (EHR): Update to version 3.2.1, or a newer patched version

Data provided by the National Vulnerability Database (NVD)
Vendor: Iqonic    Product: Kivicare    Software platform: wordpress    Version < 3.2.1

Further vulnerability information
System: WordPress Plugin
Product: KiviCare – Clinic & Patient Management System (EHR)
Version: * - 3.2.0
No advisory was found for this CVE.
EPSS Metrics
Type    Source      Score    Percentile
EPSS    FIRST.org   0.39%    0.305

CVSS Metrics
Source         Base Score   Exploit Score   Impact Score   Vector String
nvd@nist.gov   8.8          2.8             5.9            CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

No CWE information has been published yet.
References
https://wpscan.com/vulnerability/e0741e2c-c529-4815-8744-16e01cdb0aed (Third Party Advisory, Exploit)
https://www.wordfence.com/threat-intel/vulnerabilities/id/4101c35e-5af9-4372-9ed1-fb6a15d8500f (Third Party Advisory)